Difference between revisions of "Infrastructure Team/Puppet"

From Sugar Labs
 
(10 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
Sugar Labs Puppet infrastructure.
 
Sugar Labs Puppet infrastructure.
  
== Recipes ==
+
== Modules ==
  
There are two kinds of Puppet recipes:
+
Puppet modules configure particular services like [[Service/git|git.sugarlabs.org]] or MySQL but not tied to final configurations, they are being configured from [[#Master|puppetmaster]].
  
* Puppet modules that are abstracted from final usage on particular Sugar Labs sites,
+
All modules are collected as repositories in [http://git.sugarlabs.org/puppets puppets] Gitorious project. Modules might be created from scratch or mirrored from upstream, so, all modules that are used within Sugar Labs are stored in one place. Module repository might have followed branches:
* and recipes that composite modules and describe final configurations of Sugar Labs services.
 
 
 
=== Modules ===
 
 
 
Puppet modules configure particular services (e.g., mysqld) and are not tied to final configurations. All modules are collected as repositories in [http://git.sugarlabs.org/puppets puppets] Gitorious project. Modules might be created from scratch or mirrored from upstream, so, all modules that are used within Sugar Labs are stored in one place. Module repository might have followed branches:
 
  
 
* ''master'', development version (might be absent if project is mirrorred from upstream),
 
* ''master'', development version (might be absent if project is mirrorred from upstream),
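Review bot: The sentence added under "== Modules ==" is a comma splice with a missing verb ("but not tied to final configurations, they are being configured from"); suggest "but are not tied to final configurations; they are configured from the [[#Master|puppetmaster]]". The unchanged branch bullet in this hunk still spells "mirrorred", which is worth correcting to "mirrored" in the same edit. The removed "two kinds of Puppet recipes" list was the only place in this section that distinguished modules from the recipes that compose them, so a short pointer to where that is now described would keep it discoverable.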
Line 18: Line 13:
 
Auto generated [http://api.sugarlabs.org/puppets/ documentation].
 
Auto generated [http://api.sugarlabs.org/puppets/ documentation].
  
=== Final configuration ===
+
== Master ==
 +
 
 +
Only puppetmaster keeps final configuration for all Sugar Labs services. It is being started in a private git repository on [[Machine/lightwave]], which is a high security machine.
  
Final recipes are stored on [[Machine/lightwave|puppetmaster host]] in private git repository:
+
=== Private repository ===
  
 
* {{Code|/var/lib/puppet/etc/puppet.git}}
 
* {{Code|/var/lib/puppet/etc/puppet.git}}
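Review bot: In the paragraph added under "== Master ==", "It is being started in a private git repository" does not say what the repository contains. The removed line said that the final recipes are stored in a private git repository on the puppetmaster host, which is clearer and should survive in some form. "High security machine" is stated without saying what it means for this repository, for example who is allowed to push to it; one sentence on that would make the claim useful to a reader.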
Line 50: Line 47:
  
 
  #!/bin/bash
 
  #!/bin/bash
  /bin/bash /usr/share/doc/git-core/contrib/hooks/post-receive-email
+
  sh /usr/share/doc/git-core/contrib/hooks/post-receive-email
 
  git checkout -f
 
  git checkout -f
  tail -n0 -f /var/log/daemon.log &
+
  for i in $(ls /etc/puppet/manifests/nodes/*.pp); do puppet kick $(basename $i .pp); done
puppet kick --all
+
 
sleep 3
+
=== Repository hierarchy ===
 +
 
 +
Git repository consists of:
  
Git repository has submodules to all, used on all puppetized hosts, modules from [http://git.sugarlabs.org/puppets puppets] project. All submodules are checked out to ''production'' branch.
+
* {{Code|manifests/site.pp}}, main recipe which contain common settings and includes nodes.
 +
* {{Code|manifests/services/}}, recipes that describes final configuration for particular services.
 +
* {{Code|manifests/nodes/}}, puppetized nodes, configuration for hosts that ask puppetmaster.
 +
* {{Code|modules/}}, git submodules with Puppet [[#Modules|modules]].
  
 
== Nodes ==
 
== Nodes ==
  
''In progress''
+
Hosts that fetch configuration from the [[#Master|puppetmast]] need <code>puppet >= 2.6</code> package.
 +
 
 +
If {{Code|puppet}} was installed from gems, it needs to be initially configured:
 +
 
 +
puppet master --mkusers
 +
 
 +
To complete configuration, execute:
  
End-usage nodes. Configuration settings are tracked by local git repository only since contain private data.
+
puppet agent --no-daemonize --onetime --server puppet.sugarlabs.org
  
=== jita.sugarlabs.org ===
+
Every puppetized host should have particular node file in {{Code|manifests/nodes/<host-name>.pp}} on [[#Master|puppetmaster]].
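Review bot: The added hook line "for i in $(ls /etc/puppet/manifests/nodes/*.pp); do puppet kick $(basename $i .pp); done" parses ls output and leaves $i unquoted, so a node file name that contains whitespace or starts with "-" reaches puppet kick as extra words or as an option. Iterate over the glob directly ("for i in /etc/puppet/manifests/nodes/*.pp") and quote both expansions. The hunk also removes the statement that all submodules are checked out to the ''production'' branch and the note that node settings are tracked only in the local git repository because they contain private data. Neither is restated in the new text, and both are worth keeping under "Repository hierarchy".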

Latest revision as of 18:17, 1 October 2011

Sugar Labs Puppet infrastructure.

Modules

Puppet modules configure particular services, such as git.sugarlabs.org or MySQL, but are not tied to final configurations; they are configured from the puppetmaster.

All modules are collected as repositories in the puppets Gitorious project. Modules may be created from scratch or mirrored from upstream, so all modules used within Sugar Labs are stored in one place. A module repository may have the following branches:

  • master, development version (might be absent if the project is mirrored from upstream),
  • production, the version being used in production,
  • upstream, if it is a mirrored project.

Auto-generated documentation.

Master

Only the puppetmaster keeps the final configuration for all Sugar Labs services. It is started from a private git repository on Machine/lightwave, which is a high-security machine.

Private repository

  • /var/lib/puppet/etc/puppet.git
  • /var/lib/puppet/etc/puppet, detached working directory
  • /etc/puppet, symlink to the detached working directory
  • /var/lib/puppet/etc/puppet.git/config:
[core]
repositoryformatversion = 0
filemode = true
bare = false
sharedRepository = true
logallrefupdates = true
worktree = /etc/puppet

[receive]
denycurrentbranch = ignore

[hooks]
mailinglist = systems-logs@...
emailprefix = "[PUPPET] "
showrev = "git show -C %s; echo"
  • /var/lib/puppet/etc/puppet.git/description:
Sugar Labs Puppet configuration
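  • /var/lib/puppet/etc/puppet.git/hooks/post-receive:
#!/bin/bash
# Mail the pushed changes to the list set in [hooks] mailinglist.
sh /usr/share/doc/git-core/contrib/hooks/post-receive-email
# Update the working tree (core.worktree, /etc/puppet) to the pushed revision.
git checkout -f
# Kick every host that has a node manifest; iterate over the glob, not ls output.
for i in /etc/puppet/manifests/nodes/*.pp; do [ -e "$i" ] && puppet kick "$(basename "$i" .pp)"; done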
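
A hardened variant of the node loop in the hook above, as an added example that is not part of the Sugar Labs configuration: it iterates over the glob instead of parsing ls, and passes to puppet kick only names that look like host names. The function names and sample file names are hypothetical, and the host-name pattern is an assumption about how node files are named.

```shell
#!/bin/bash
# Added example, not the Sugar Labs hook. Assumption: node manifests are named
# <host-name>.pp, where <host-name> is a lowercase DNS name.

# Print one host name per line for each node manifest in directory $1.
# File names that are not plain host names are reported on stderr and skipped,
# so nothing that looks like an option or contains whitespace is passed on.
kick_targets() {
    local dir="$1" file host
    for file in "$dir"/*.pp; do
        [ -f "$file" ] || continue        # unmatched glob, or not a regular file
        host=$(basename -- "$file" .pp)
        case $host in
            ''|-*|.*|*.|*..*|*[!a-z0-9.-]*)
                printf 'skipping node file with unexpected name: %s\n' "$file" >&2
                continue ;;
        esac
        printf '%s\n' "$host"
    done
}

# Kick each validated host; a failed kick is logged and the loop continues.
# (Defined for use from the hook; not called here because it needs puppet.)
kick_all() {
    local host
    kick_targets "$1" | while IFS= read -r host; do
        puppet kick "$host" || printf 'kick failed: %s\n' "$host" >&2
    done
}

# Constructed sample directory: two valid node files, two with rejected names,
# and one file that is not a manifest.
demo_targets() {
    local tmp
    tmp=$(mktemp -d) || return 1
    touch "$tmp/alpha.example.org.pp" "$tmp/beta.example.org.pp" \
          "$tmp/bad name.pp" "$tmp/--all.pp" "$tmp/README.txt"
    kick_targets "$tmp"
    rm -rf "$tmp"
}

demo_targets
```

In the hook, a call to kick_all /etc/puppet/manifests/nodes would take the place of the for loop.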

Repository hierarchy

The git repository consists of:

  • manifests/site.pp, the main recipe, which contains common settings and includes the nodes.
  • manifests/services/, recipes that describe the final configuration for particular services.
  • manifests/nodes/, puppetized nodes: configuration for hosts that ask the puppetmaster.
  • modules/, git submodules with Puppet modules.

Nodes

Hosts that fetch configuration from the puppetmaster need the puppet >= 2.6 package.

If puppet was installed from gems, it needs to be initially configured:

puppet master --mkusers

To complete configuration, execute:

puppet agent --no-daemonize --onetime --server puppet.sugarlabs.org

Every puppetized host should have its own node file, manifests/nodes/<host-name>.pp, on the puppetmaster.